Google Chrome to get warnings for 'lookalike URLs'

Chrome to show warnings when accessing mistyped domains.
Written by Catalin Cimpanu, Contributor

The Google Chrome browser is set to add a feature that will warn users when accessing sites with domain names that look like authentic websites.

The feature has been in the works for quite some time at Google and is a response to the practice of using typosquatted domains or IDN homograph attacks to lure users on websites they didn't intend to access.

For example, crooks often register misspelled versions of popular domains, such as paypall.com, or they'd use domains with Unicode characters like coịnbạse.com to host phishing pages and steal users' credentials.

But since the release of Chrome Canary 70, Google engineers have been testing a new feature called "Navigation suggestions for lookalike URLs."

In Chrome Canary distributions --Google Chrome's testing ground for new features-- users can access the following URL to enable the feature:


Chrome lookalike URL flag
Image: ZDNet

Once enabled, this new mechanism will show a dropdown panel under the Chrome address bar, asking the user if he really meant to type and access that URL, which Chrome deemed dangerous due to its close resemblance with a more legitimate site.

Chrome lookalike URL flag in action
Image: ZDNet

This Chrome flag is also present in the stable version of Chrome, but in our tests, it failed to detect the same URLs that Canary picked up, meaning Google engineers are still fine-tuning their lookalike URL detection system before its official release.

It is unclear when this feature will officially ship, but it must be really close to being finalized, seeing that a Google Chrome engineer gave a presentation about it yesterday, January 29, at the USENIX Enigma conference held in the US. More on her presentation in coverage from our sister site CNET.

All the Chromium-based browsers

More browser coverage:

Editorial standards